From patchwork Mon Aug 7 17:11:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 132313 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp1636500vqr; Mon, 7 Aug 2023 11:35:53 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGrIEaoHWa0MthdoFWsMrS2znmghDzNueFD3yowl35paUCD2Av4YQW3fuoUusE1iTPGoI9k X-Received: by 2002:a05:6512:12c8:b0:4fe:1e74:3f3a with SMTP id p8-20020a05651212c800b004fe1e743f3amr8566465lfg.58.1691433353457; Mon, 07 Aug 2023 11:35:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691433353; cv=none; d=google.com; s=arc-20160816; b=WU9dasKVSITKvPZ+X8U2pbfyC1aJLQLRTNSrSni6Um5fOuZMdJ6FYgupj3PxwM2wCO x+hoSCheoHpTvQEPdK/YF8COmYjWgn8+UEb7uKKK52Ds0y+u9SuPl2cVhXDdL3wQwo9v k8V7lduZHnbKkr7JIlJmu/44uoWE1arfzxq0suj+M4NZ2ig6i2QulmMXbCEHJcz+MEvG cvQEUAzPiiORIUDh2V5acbffopbbBSbVey/PWuPauqV5qE2JXzD958oUQf0hCrnv6PML 8YJUeezjxHTFaUG6Z9yCQahmIGj+t7FJnbWM9iNLdMkuJXR+FiWo2xsr9hcep2cVC1CI LiTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=UbyWp+oLNRPt/+dSAljB0eynibcwf4jEYqfOipDuK7A=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=dd75fYayKq1ppMg1Q+YsdhUeP58nf9oCbhDZA+7+lAOJo+Ta7KZGuIMi042Fy+Bu5d Ib8MoHhnv6H1uj+lBQKys47YexJgrGj0Dk046Z9sSn7afbJLKFMokln6i4hnfVq4bWWe tlmccIyMBm0JqjBOGqHL+YeKbX9AH8JX9fvBsDpD56j5J93bp5qk5GRN+m5WkihwEsX/ ixGEhknffLWCvPFb9fqGAAvgITRLbH0kdL5L7gHrBh6mxgNxy/oCR1dsqOKt7I48jIY4 N7Od6yo/y5pckmsvI7zkjT6M9rcKP2zt/pDwKH8Le89sZj2hpxBP1jA0n5znaF2eY1sT LjQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=YfSDQcA3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id by6-20020a0564021b0600b00522bae5282esi5555658edb.82.2023.08.07.11.35.29; Mon, 07 Aug 2023 11:35:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=YfSDQcA3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232112AbjHGRMU (ORCPT + 99 others); Mon, 7 Aug 2023 13:12:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43488 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232017AbjHGRMG (ORCPT ); Mon, 7 Aug 2023 13:12:06 -0400 Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2AD5FE70; Mon, 7 Aug 2023 10:12:00 -0700 (PDT) Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-5232d593646so3000769a12.0; Mon, 07 Aug 2023 10:12:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1691428318; x=1692033118; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=UbyWp+oLNRPt/+dSAljB0eynibcwf4jEYqfOipDuK7A=; b=YfSDQcA35+d18QIojBvbSZe/28tkrUZwUxSp3kTApfhl9Bodd7ERM78bBxGqAl0tT1 J3N10VQE2byn4kPo8+4/1/Fj3Z3qsSqDPhe1Vu0zpUfBI5Q8D/qRKe3FO5W4iRFUUvhL Aje9BrceOyFlITtcdutUrIMmByhpKhbr41McY5F+KXnEczhZ+s5JKZY595bihtKjIiHZ pjnryZqq1lqlnWJfH4FAkaHLMCrV6cnYQ67HyT+js5Wrd18UAqDosyyn1k9NpFQ3o9f7 tpk3ltU3ffuwLYtX1dVj1gtlMlwaHDFE15VkI6/bzRVtiEtNfyS0Q69xIcD5eNRN3gDP Wccw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691428318; x=1692033118; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UbyWp+oLNRPt/+dSAljB0eynibcwf4jEYqfOipDuK7A=; b=UjN/JH2n+VRsi6FMQ3a3rlyoC5Ugy2ZLl1FIqlZJdMMQXgzon2GNaGYDCg4jbIk4Ow 7hXVxA9DPPJdmEOsDk9SNrQoqPu7uIZf5xHxwPFAx9GFS9jgh2XLxhKaXNdLxaGmDBYS 7c/7aIGE8PTv6NXXGZqAnujGHWiF0wx+EGfGYpj5tpBo3w5X2N1yxQ/80xzlcmSf9FPF T4H2ESlP8/soTedTnEOsw2GcZVgKuB1hDta5eNYuQ6wQDAuql4qIdRepmyQK/t6mb9iu PLsDL0COQ98lOXFwdkwuTZkZ2Z1/T7iP/N5BfQporKJQF2nRQ9Mugg9ztWxZg5veZhNB KNsw== X-Gm-Message-State: AOJu0YwxH4CEZSrXMWIc/Ud9AcZGIk6sVZl1ScviNJQkYmekJRQ+E2EB dGMXOUU2VjgrJls0IEJa2eu0DXKsLHVr9Q== X-Received: by 2002:a05:6402:b11:b0:522:564d:6de with SMTP id bm17-20020a0564020b1100b00522564d06demr9760205edb.36.1691428318591; Mon, 07 Aug 2023 10:11:58 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-095-112-033-028.95.112.pool.telefonica.de. [95.112.33.28]) by smtp.gmail.com with ESMTPSA id e10-20020a056402148a00b005224d960e66sm5420814edv.96.2023.08.07.10.11.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Aug 2023 10:11:58 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [PATCH v3 1/7] selinux: avoid implicit conversions in avtab code Date: Mon, 7 Aug 2023 19:11:42 +0200 Message-Id: <20230807171143.208481-7-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230807171143.208481-1-cgzones@googlemail.com> References: <20230807171143.208481-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773596419966779926 X-GMAIL-MSGID: 1773596419966779926 Return u32 from avtab_hash() instead of int, since the hashing is done on u32 and the result is used as an index on the hash array. Use the type of the limit in for loops. Avoid signed to unsigned conversion of multiplication result in avtab_hash_eval() and perform multiplication in destination type. Use unsigned loop iterator for index operations, to avoid sign extension. Signed-off-by: Christian Göttsche --- v3: - use fixed sized counters in avtab_hash_eval() - perform multiplication in avtab_hash_eval() in destination type v2: avoid declarations in init-clauses of for loops --- security/selinux/ss/avtab.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 243e5dabfa86..86d98a8e291b 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -29,7 +29,7 @@ static struct kmem_cache *avtab_xperms_cachep __ro_after_init; /* Based on MurmurHash3, written by Austin Appleby and placed in the * public domain. */ -static inline int avtab_hash(const struct avtab_key *keyp, u32 mask) +static inline u32 avtab_hash(const struct avtab_key *keyp, u32 mask) { static const u32 c1 = 0xcc9e2d51; static const u32 c2 = 0x1b873593; @@ -66,7 +66,7 @@ static inline int avtab_hash(const struct avtab_key *keyp, u32 mask) } static struct avtab_node* -avtab_insert_node(struct avtab *h, int hvalue, +avtab_insert_node(struct avtab *h, u32 hvalue, struct avtab_node *prev, const struct avtab_key *key, const struct avtab_datum *datum) { @@ -106,7 +106,7 @@ avtab_insert_node(struct avtab *h, int hvalue, static int avtab_insert(struct avtab *h, const struct avtab_key *key, const struct avtab_datum *datum) { - int hvalue; + u32 hvalue; struct avtab_node *prev, *cur, *newnode; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); @@ -152,7 +152,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, const struct avtab_key *key, const struct avtab_datum *datum) { - int hvalue; + u32 hvalue; struct avtab_node *prev, *cur; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); @@ -186,7 +186,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_node *avtab_search_node(struct avtab *h, const struct avtab_key *key) { - int hvalue; + u32 hvalue; struct avtab_node *cur; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); @@ -246,7 +246,7 @@ avtab_search_node_next(struct avtab_node *node, u16 specified) void avtab_destroy(struct avtab *h) { - int i; + u32 i; struct avtab_node *cur, *temp; if (!h) @@ -325,7 +325,7 @@ int avtab_alloc_dup(struct avtab *new, const struct avtab *orig) #ifdef CONFIG_SECURITY_SELINUX_DEBUG void avtab_hash_eval(struct avtab *h, const char *tag) { - int i, chain_len, slots_used, max_chain_len; + u32 i, chain_len, slots_used, max_chain_len; unsigned long long chain2_len_sum; struct avtab_node *cur; @@ -344,7 +344,7 @@ void avtab_hash_eval(struct avtab *h, const char *tag) if (chain_len > max_chain_len) max_chain_len = chain_len; - chain2_len_sum += chain_len * chain_len; + chain2_len_sum += (unsigned long long)chain_len * chain_len; } } @@ -374,13 +374,13 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, { __le16 buf16[4]; u16 enabled; - u32 items, items2, val, vers = pol->policyvers; + u32 items, items2, val, i; struct avtab_key key; struct avtab_datum datum; struct avtab_extended_perms xperms; __le32 buf32[ARRAY_SIZE(xperms.perms.p)]; - int i, rc; - unsigned set; + int rc; + unsigned int set, vers = pol->policyvers; memset(&key, 0, sizeof(struct avtab_key)); memset(&datum, 0, sizeof(struct avtab_datum)); @@ -616,7 +616,7 @@ int avtab_write_item(struct policydb *p, const struct avtab_node *cur, void *fp) int avtab_write(struct policydb *p, struct avtab *a, void *fp) { - unsigned int i; + u32 i; int rc = 0; struct avtab_node *cur; __le32 buf[1]; From patchwork Mon Aug 7 17:11:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 132338 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp1670704vqr; Mon, 7 Aug 2023 12:39:35 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHoAPDuwCfgHlaA8m0VBph8Y208G9cfecrR5gCCvQQGDIfw7B9eYw1Th3PboYhB9J+vnXdZ X-Received: by 2002:a05:6a21:3389:b0:138:3302:1471 with SMTP id yy9-20020a056a21338900b0013833021471mr12497213pzb.6.1691437174955; Mon, 07 Aug 2023 12:39:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691437174; cv=none; d=google.com; s=arc-20160816; b=XsHLvdEkV97T84e0zeBZdBtyYSHTVDUwK9Wl+3SWSRO4qqvTCFXDuRYqsGMgewuYwG NJuHjEPk9pE05KtRnK1YsPY3qgSD5UEYERBklqtwS7G6wE4yNUg4UGJvodVGuSWZ4KDz J0je+AwhIMLe+myvW19R3oA6MRdNpK4CCsGZFqXhsgv6eNkE6iJvOQc5YEtonIhGICO4 MKrUURK8PL6VwoveuY5Hc0L6/3sKksobnByh8UUkz5BWj+hVNXvknUAa7t0xKisRK6Eh 3yARHsDByzbfkfUDU5nLdoclw1/f/W6nhXR0tAjL/HDldpIDDSStGS06NJEU9qjtPz4o BcmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=91Gmk6Fr/6dr1y5e1Un8IQAei2hCeUpFt2/NafYkIYw=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=EuGO/GnbsAgfHgU9/zOWT9TXbk3/yK9IUcUOeiRTBmH/Xy2nF8KVIEskBT/UD1+TKp HxFORgGCR+86ItPx1JDk4T6PvmXyXLhMhazWA5vr28QhLTn8T0AYvdsYf8rLM2LW3rEy zg0vWjRjaQYIb6pgqD5pODHv26xZUB6Z0GnfCgyQCJTzFTk3PcTBW3YMATFynC1lKZZq nZnujG41emw0sfnj+sJoi3y8Yf6SRsY0pTwSSh+z0F1jYYqATsQNhfGIE0Hjj5fx1GHP Y+d3o+dIP5r3N55gdsbXxLP15pormn9/IP2JjVHtHpFd/4xujT/uAFNCiq5ox6pdeMFR eHRQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=Umdcuymn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n5-20020a635c45000000b0055c875d784dsi5816753pgm.374.2023.08.07.12.39.16; Mon, 07 Aug 2023 12:39:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=Umdcuymn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230123AbjHGRL5 (ORCPT + 99 others); Mon, 7 Aug 2023 13:11:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43270 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229540AbjHGRLz (ORCPT ); Mon, 7 Aug 2023 13:11:55 -0400 Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3CEA2E65; Mon, 7 Aug 2023 10:11:53 -0700 (PDT) Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-52256241c66so10095658a12.1; Mon, 07 Aug 2023 10:11:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1691428312; x=1692033112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=91Gmk6Fr/6dr1y5e1Un8IQAei2hCeUpFt2/NafYkIYw=; b=UmdcuymnCLwJuzHNUbTxI8x2DZH8VI0wbSoC1PnCKw9INMY8mxAUw4OX8SzyM3mo3T MWwMkXlTo6SSo2NVp1c2PLMcvyCcnLvpVk8iLQEmS3ImyJVPhACMuch9oQeCDy/KbaRf kwL5+2TjRDM9wf5ykEmNuPN8/33S5Jo99doNZ44TtG/2Ajik5RcC2p/kI0lSTnm34oIg WQq+GHqhLb55zH/FXBo8RqS7G1Wg5C94p6ln36ywxWVau2lE5PbLUwXbAo/1944pb81o Uta4z76K+lfpqWlazHfYVvJtVDcNv7XoN3bseOaX1DgVHZeFSe7pt0i+Z7CzrbV3A+iF 6Tbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691428312; x=1692033112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=91Gmk6Fr/6dr1y5e1Un8IQAei2hCeUpFt2/NafYkIYw=; b=JCeZLw4xmFyxfGNG8ee2YMDc0BPc2hKgd7h6XZrGn04leTowNZoUqd2lC7WM6gIm0j XoB6IBQ0Q4Mp52EJCuAE+0fgjfdiqGp+EOGPx9jj4RDUXsbEKB3pMoC0LCkTtaa2N8Bm +ievwT47cj+n+xv4IBaeSJH9L32fM4tSZ2aBhYjbAjFXgaRFT2gQc152aA5iS64C0RKR OMrRN7iAa1anNUE7e/fkOtm7z/YA0pVHOHWa4MSOJ7oOg56uG2b0OouMQizrGscC2liQ 3LUioYnoE1/JFe2L+GdhcJUzmFhmHYZ1QUDK/202J2k9rtvszyRJ3fRnKwPcH7tlmWxr I1KA== X-Gm-Message-State: AOJu0YwXMAZLqa1JbmFkh62DXd3qzfh/TGLrO+G2BDEk1XVHFBXd+Fo5 iNGBKwaMfoviaIsSDjTD2MiVkaWIHnPRig== X-Received: by 2002:a05:6402:50cf:b0:51d:b184:efd with SMTP id h15-20020a05640250cf00b0051db1840efdmr8480945edb.20.1691428311476; Mon, 07 Aug 2023 10:11:51 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-095-112-033-028.95.112.pool.telefonica.de. [95.112.33.28]) by smtp.gmail.com with ESMTPSA id e10-20020a056402148a00b005224d960e66sm5420814edv.96.2023.08.07.10.11.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Aug 2023 10:11:51 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [PATCH v3 2/7] selinux: use u32 as bit type in ebitmap code Date: Mon, 7 Aug 2023 19:11:36 +0200 Message-Id: <20230807171143.208481-1-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773600427429425336 X-GMAIL-MSGID: 1773600427429425336 The extensible bitmap supports bit positions up to U32_MAX due to the type of the member highbit being u32. Use u32 consistently as the type for bit positions to announce to callers what range of values is supported. Signed-off-by: Christian Göttsche --- v3: - revert type change of unrelated iter variable - use U32_MAX instead of (u32)-1 v2: avoid declarations in init-clauses of for loops --- security/selinux/ss/ebitmap.c | 29 +++++++++++++++-------------- security/selinux/ss/ebitmap.h | 32 ++++++++++++++++---------------- 2 files changed, 31 insertions(+), 30 deletions(-) diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 77875ad355f7..a313e633aa8e 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -24,7 +24,7 @@ #include "ebitmap.h" #include "policydb.h" -#define BITS_PER_U64 (sizeof(u64) * 8) +#define BITS_PER_U64 ((u32)(sizeof(u64) * 8)) static struct kmem_cache *ebitmap_node_cachep __ro_after_init; @@ -82,7 +82,8 @@ int ebitmap_cpy(struct ebitmap *dst, const struct ebitmap *src) int ebitmap_and(struct ebitmap *dst, const struct ebitmap *e1, const struct ebitmap *e2) { struct ebitmap_node *n; - int bit, rc; + u32 bit; + int rc; ebitmap_init(dst); @@ -259,7 +260,7 @@ int ebitmap_contains(const struct ebitmap *e1, const struct ebitmap *e2, u32 las return 1; } -int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit) +int ebitmap_get_bit(const struct ebitmap *e, u32 bit) { const struct ebitmap_node *n; @@ -276,7 +277,7 @@ int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit) return 0; } -int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value) +int ebitmap_set_bit(struct ebitmap *e, u32 bit, int value) { struct ebitmap_node *n, *prev, *new; @@ -287,7 +288,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value) if (value) { ebitmap_node_set_bit(n, bit); } else { - unsigned int s; + u32 s; ebitmap_node_clr_bit(n, bit); @@ -365,12 +366,12 @@ void ebitmap_destroy(struct ebitmap *e) int ebitmap_read(struct ebitmap *e, void *fp) { struct ebitmap_node *n = NULL; - u32 mapunit, count, startbit, index; + u32 mapunit, count, startbit, index, i; __le32 ebitmap_start; u64 map; __le64 mapbits; __le32 buf[3]; - int rc, i; + int rc; ebitmap_init(e); @@ -384,7 +385,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) if (mapunit != BITS_PER_U64) { pr_err("SELinux: ebitmap: map size %u does not " - "match my size %zd (high bit was %d)\n", + "match my size %d (high bit was %d)\n", mapunit, BITS_PER_U64, e->highbit); goto bad; } @@ -471,18 +472,18 @@ int ebitmap_read(struct ebitmap *e, void *fp) int ebitmap_write(const struct ebitmap *e, void *fp) { struct ebitmap_node *n; - u32 count; + u32 bit, count, last_bit, last_startbit; __le32 buf[3]; u64 map; - int bit, last_bit, last_startbit, rc; + int rc; buf[0] = cpu_to_le32(BITS_PER_U64); count = 0; last_bit = 0; - last_startbit = -1; + last_startbit = U32_MAX; ebitmap_for_each_positive_bit(e, n, bit) { - if (rounddown(bit, (int)BITS_PER_U64) > last_startbit) { + if (last_startbit == U32_MAX || rounddown(bit, BITS_PER_U64) > last_startbit) { count++; last_startbit = rounddown(bit, BITS_PER_U64); } @@ -496,9 +497,9 @@ int ebitmap_write(const struct ebitmap *e, void *fp) return rc; map = 0; - last_startbit = INT_MIN; + last_startbit = U32_MAX; ebitmap_for_each_positive_bit(e, n, bit) { - if (rounddown(bit, (int)BITS_PER_U64) > last_startbit) { + if (last_startbit == U32_MAX || rounddown(bit, BITS_PER_U64) > last_startbit) { __le64 buf64[1]; /* this is the very first bit */ diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h index e3c807cfad90..43c32077d483 100644 --- a/security/selinux/ss/ebitmap.h +++ b/security/selinux/ss/ebitmap.h @@ -44,10 +44,10 @@ struct ebitmap { #define ebitmap_length(e) ((e)->highbit) -static inline unsigned int ebitmap_start_positive(const struct ebitmap *e, +static inline u32 ebitmap_start_positive(const struct ebitmap *e, struct ebitmap_node **n) { - unsigned int ofs; + u32 ofs; for (*n = e->node; *n; *n = (*n)->next) { ofs = find_first_bit((*n)->maps, EBITMAP_SIZE); @@ -62,11 +62,11 @@ static inline void ebitmap_init(struct ebitmap *e) memset(e, 0, sizeof(*e)); } -static inline unsigned int ebitmap_next_positive(const struct ebitmap *e, +static inline u32 ebitmap_next_positive(const struct ebitmap *e, struct ebitmap_node **n, - unsigned int bit) + u32 bit) { - unsigned int ofs; + u32 ofs; ofs = find_next_bit((*n)->maps, EBITMAP_SIZE, bit - (*n)->startbit + 1); if (ofs < EBITMAP_SIZE) @@ -86,10 +86,10 @@ static inline unsigned int ebitmap_next_positive(const struct ebitmap *e, (((bit) - (node)->startbit) % EBITMAP_UNIT_SIZE) static inline int ebitmap_node_get_bit(const struct ebitmap_node *n, - unsigned int bit) + u32 bit) { - unsigned int index = EBITMAP_NODE_INDEX(n, bit); - unsigned int ofs = EBITMAP_NODE_OFFSET(n, bit); + u32 index = EBITMAP_NODE_INDEX(n, bit); + u32 ofs = EBITMAP_NODE_OFFSET(n, bit); BUG_ON(index >= EBITMAP_UNIT_NUMS); if ((n->maps[index] & (EBITMAP_BIT << ofs))) @@ -98,20 +98,20 @@ static inline int ebitmap_node_get_bit(const struct ebitmap_node *n, } static inline void ebitmap_node_set_bit(struct ebitmap_node *n, - unsigned int bit) + u32 bit) { - unsigned int index = EBITMAP_NODE_INDEX(n, bit); - unsigned int ofs = EBITMAP_NODE_OFFSET(n, bit); + u32 index = EBITMAP_NODE_INDEX(n, bit); + u32 ofs = EBITMAP_NODE_OFFSET(n, bit); BUG_ON(index >= EBITMAP_UNIT_NUMS); n->maps[index] |= (EBITMAP_BIT << ofs); } static inline void ebitmap_node_clr_bit(struct ebitmap_node *n, - unsigned int bit) + u32 bit) { - unsigned int index = EBITMAP_NODE_INDEX(n, bit); - unsigned int ofs = EBITMAP_NODE_OFFSET(n, bit); + u32 index = EBITMAP_NODE_INDEX(n, bit); + u32 ofs = EBITMAP_NODE_OFFSET(n, bit); BUG_ON(index >= EBITMAP_UNIT_NUMS); n->maps[index] &= ~(EBITMAP_BIT << ofs); @@ -126,8 +126,8 @@ int ebitmap_cmp(const struct ebitmap *e1, const struct ebitmap *e2); int ebitmap_cpy(struct ebitmap *dst, const struct ebitmap *src); int ebitmap_and(struct ebitmap *dst, const struct ebitmap *e1, const struct ebitmap *e2); int ebitmap_contains(const struct ebitmap *e1, const struct ebitmap *e2, u32 last_e2bit); -int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit); -int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value); +int ebitmap_get_bit(const struct ebitmap *e, u32 bit); +int ebitmap_set_bit(struct ebitmap *e, u32 bit, int value); void ebitmap_destroy(struct ebitmap *e); int ebitmap_read(struct ebitmap *e, void *fp); int ebitmap_write(const struct ebitmap *e, void *fp); From patchwork Mon Aug 7 17:11:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 132296 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp1606243vqr; Mon, 7 Aug 2023 10:38:56 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFpRJdKNO56m1bwqmTxGzTy/nqkgvw6eD8okESinUsPrFyqbfbmaY+N0Pp0o/BahUC0U+9A X-Received: by 2002:a17:902:ecc5:b0:1b0:307c:e6fe with SMTP id a5-20020a170902ecc500b001b0307ce6femr9773425plh.10.1691429936366; Mon, 07 Aug 2023 10:38:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691429936; cv=none; d=google.com; s=arc-20160816; b=AcrVFT9WI/4NdfCcvYgXt6eFUti3bL8UFbUhJclDQ58NqZHZER/sOgLYjQ8UswPF5D x94fewe5meTo0gq+5KdtJHkLObW1L8QqtxNOKTQooKK9RvNe4ZTtkvF9nmDOr7ufwvfr wzMNxVS/gBIiN1i30g4O4nDMC3fNuZi+GLgd4VNJJi7X5UKfIP5/jGT3PRfwDpjQq+/U 6YrDxB5Ys/7IKJ4kH7Rp6jWbw4FTI+4h3lrjfc0Rk9ZtJjo9J28ygELe2bzwtFtGaX02 Qk4jLCkU8RbLIbmQgxc65PQXIBdjKWKGu7Z3/qe5RBjq1d479jCpHpCW4axGBQq5g5v0 CKcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=DciKbSFWjq2a4hr5WGLiRBew39Nly0oMydCVVcPx1pg=; fh=fBY5D/IDrKFsN9mMQMRE3IlhWmhEeMbp24YlZR3fWbQ=; b=TO3wpSfgcDBbXOJNZwukCgiQcyadRqI5zfq6VOX/joxjyZvknW0bvErhcdufQ+95fu AtlAynF1oNAKXAd7YaPFxX7dOOLlEN/SVPpvPuH/rcVfMchV9ExYXVbbO8KTaV3jcz/m JGjuEtOOzG86nqqDd6079KmO/lq9gmKH8fkUzLbyvNpqkStpeUwGqfRPrVQGzglOjCZ9 2J0gOc4n7MRZGz3y97KSlfLM//9cw8WoCBFTYdWUxyZ3bFfPpbsmPthmA4iZyVK/p7fL R7HQLzx8TYPmZsyFhYTCFwdUGNgGJkCWDC9OSP/UiCS6I3XfBKwoV9hfssJWU1Bn++QX Iu0w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=niNzslaP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ky16-20020a170902f99000b001bbd2599ac7si5901097plb.53.2023.08.07.10.38.41; Mon, 07 Aug 2023 10:38:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=niNzslaP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231199AbjHGRL6 (ORCPT + 99 others); Mon, 7 Aug 2023 13:11:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43288 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230267AbjHGRL5 (ORCPT ); Mon, 7 Aug 2023 13:11:57 -0400 Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B134AB1; Mon, 7 Aug 2023 10:11:54 -0700 (PDT) Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-523108efb36so5373265a12.1; Mon, 07 Aug 2023 10:11:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1691428313; x=1692033113; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DciKbSFWjq2a4hr5WGLiRBew39Nly0oMydCVVcPx1pg=; b=niNzslaPuqd7b5KcbIfKjJtnuLsnsuv8tUmWZXErPSYM+0cghYrb6PsPGWaXsoTZfa HvRLqZYfWeo+6mPmYKRm/BUGjcxWYp/SMd6RQwFr/K5Lq5Zo3wUOFRwIuJ+z+JYoWmG9 OUyj22fJqir6AXH+A0uAj581d59d+XKDPXa1SLBhV5e1f/tmCAeQ7RDb13QBfiF6poCQ 9KuR3QziNequ0LHYYUJQzF3p2cyP6JoUpPbPtYDig+eCMNFTm62HLnrxzXwAq3Qeje4Q ULkZpnaQoVAeL2sGiMK7E8VpUrPX7GE5hFgJ0npTUtYzTooVzBNTCxUlcNrT8eCEYRLA pmpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691428313; x=1692033113; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DciKbSFWjq2a4hr5WGLiRBew39Nly0oMydCVVcPx1pg=; b=TU+eXmr5eEwPoSwuYP01Ou7o/a67b5xCi7crLakIinR9qzuSxhXwB11mndkZHzw8lF EYsMYRDoiSurWZRDVwotmO9dVvS2qIgFEYctl4D94HKBKgKxjDDKGl8BJVoj2zTMdjwQ E5b5otzradPqUg4iPe2UHSpG+pZnIt3K9DM6TPMbfO8jyx3mIffMliYBGAU8rZ+Wsk6q /Txnx5DgXaGZywM+gI9Iedp1ElhkODyhYwhli4oxdvNGWzS5YF/qMRCcHELLsBrVDTX8 JbPZwqiAoxFvWyg7jteSfBS5gDioo8ukfyi5WGsiMmqK5mC1HHJZYljH6EHYgNEeGFmC eBzw== X-Gm-Message-State: AOJu0YxBL5meCtRVq7r2/sEYOAqsfEygR6ywbQuY3+UfeRy8DDRgD6OC ih7zTldA75eJSRl014FJnZBpqFBG3gOxbg== X-Received: by 2002:a05:6402:1059:b0:522:2782:532 with SMTP id e25-20020a056402105900b0052227820532mr7892346edu.30.1691428313067; Mon, 07 Aug 2023 10:11:53 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-095-112-033-028.95.112.pool.telefonica.de. [95.112.33.28]) by smtp.gmail.com with ESMTPSA id e10-20020a056402148a00b005224d960e66sm5420814edv.96.2023.08.07.10.11.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Aug 2023 10:11:52 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , "GONG, Ruiqi" , linux-kernel@vger.kernel.org Subject: [PATCH v3 3/7] selinux: update type for number of class permissions in services code Date: Mon, 7 Aug 2023 19:11:37 +0200 Message-Id: <20230807171143.208481-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230807171143.208481-1-cgzones@googlemail.com> References: <20230807171143.208481-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773592837143781950 X-GMAIL-MSGID: 1773592837143781950 Security classes have only up to 32 permissions, hence using an u16 is sufficient (while improving padding in struct selinux_mapping). Signed-off-by: Christian Göttsche --- v3: - drop type change of arithmetic variable; it might effect performance as suggested by David. - split bogus and corrected cast into separate patch v2: update commit description: - mention struct selinux_mapping in the padding argument (currently between the first and second member there are 2 bytes padding) - mention overflow in the cast argument and the result of setting no bits due to it --- security/selinux/ss/services.c | 2 +- security/selinux/ss/services.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 3ec0bb39c234..dacec2ebdcd7 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -97,7 +97,6 @@ static int selinux_set_mapping(struct policydb *pol, struct selinux_map *out_map) { u16 i, j; - unsigned k; bool print_unknown_handle = false; /* Find number of classes in the input mapping */ @@ -117,6 +116,7 @@ static int selinux_set_mapping(struct policydb *pol, while (map[j].name) { const struct security_class_mapping *p_in = map + (j++); struct selinux_mapping *p_out = out_map->mapping + j; + u16 k; /* An empty class string skips ahead */ if (!strcmp(p_in->name, "")) { diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h index ed2ee6600467..d24b0a3d198e 100644 --- a/security/selinux/ss/services.h +++ b/security/selinux/ss/services.h @@ -12,7 +12,7 @@ /* Mapping for a single class */ struct selinux_mapping { u16 value; /* policy value for class */ - unsigned int num_perms; /* number of permissions in class */ + u16 num_perms; /* number of permissions in class */ u32 perms[sizeof(u32) * 8]; /* policy values for permissions */ }; From patchwork Mon Aug 7 17:11:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 132286 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp1596867vqr; Mon, 7 Aug 2023 10:21:30 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFAnR2DwEJ9i96KW7x2EmJLnRxLY8rW2K1yaGc396ummQXjZLoWQVjaDw2gAR48XznRCwN/ X-Received: by 2002:a17:903:2351:b0:1b8:9b1b:ae7a with SMTP id c17-20020a170903235100b001b89b1bae7amr9791413plh.34.1691428889688; Mon, 07 Aug 2023 10:21:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691428889; cv=none; d=google.com; s=arc-20160816; b=KYN6A1nfmivImPYLAwZJfVfccvhHZqoMRAdzKVGdCoOP1rcWkDnta5iIoJl+zCjZVZ xBwMrQrXkMw5I7to25rI3B0BJdXvV/tunu4w6QklKiiWvv17dbp3z34fNUQg6xB8+bd4 Lc5IvHvNbXPtNdIiAKvgIx5Q3RNmIO+2vg48AlUFCj0QeiL9cy1BsGa2GM3fzdKhIR5P YWlclaXOXK9X1U0LvibKy4LuluqI/CdUwSs6GKzsd7ccyCEZsBWbgBJISGvHsJUkPUEC 7qi4D6X5DrmArgf2Vf8ig5JmGxMjUyuvdfpHixZrZQl+vUOLyRRWAymYkF2BRlmg77d2 zCaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=1KhCpc37sMq8hfJahbNI7sAkZNZxhd0cG15a8ZsTo7w=; fh=fBY5D/IDrKFsN9mMQMRE3IlhWmhEeMbp24YlZR3fWbQ=; b=oJeGq5x4Q9n0ieIpA3XzRurnT2QthuO6KptnMytEIffbs99xOeKlZRSIzniit+cVUw Tp6Erp2AEn7K09R6HwMw4Ma4pQjK4LpxAz6zfwJeR2cw6lkTRNiAzVbwkDpWM3C11ycO R2sRoUL4VbA1//XcndfP1Mk9h9GlFexKL1VM04Eo4KjCHmHmEKGZNdJoPqquetMKg6HE w2py3exTGoXxnP+7T/ADT3KzVAkyMucGT8L4s21xaQK1DSpWF0ySQaatzXpYH+ocq140 YR/D5zCrJKpCjLro1X7VCabJa6QE+DxLqdKxzQSrjJm6twh8k8QeEmc7OhlLuhvcBWdW TkPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=Sh52Dhym; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y5-20020a17090322c500b001bc671d6d15si2535142plg.614.2023.08.07.10.21.15; Mon, 07 Aug 2023 10:21:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=Sh52Dhym; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231864AbjHGRMB (ORCPT + 99 others); Mon, 7 Aug 2023 13:12:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43306 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230506AbjHGRL5 (ORCPT ); Mon, 7 Aug 2023 13:11:57 -0400 Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85CC8E65; Mon, 7 Aug 2023 10:11:56 -0700 (PDT) Received: by mail-lf1-x133.google.com with SMTP id 2adb3069b0e04-4fe11652b64so7387754e87.0; Mon, 07 Aug 2023 10:11:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1691428314; x=1692033114; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1KhCpc37sMq8hfJahbNI7sAkZNZxhd0cG15a8ZsTo7w=; b=Sh52DhymwxQXUXmMTjKNMSN1j8bLQn0UKLirqyD6CTjQY6jT0qgixd5ekHUsNSvjAT NlctFiVmROOkJknjucfzWTja1FcU6YDglvns52lOeWG3kVzAEAwAYT6FegYBnEFOATV6 uN/xcY8WqD1IN+5GQ3ReC/fSjiAkkyTzqc+OZFgPK5m9GvioP2sNfl6IgdnDVmxj3jAb p6Ar8cCtSlv8+arYuzGOaqPHU/93hu0gzwdL0g4azaB6+tludIQBKv28zo80yUwuc7bV /wLlRxRObF/x1PzqOTKKtsAnvBkP1Zzhv8KQk0eQ5JwrtNhc2zxAGi3XVWLe4JWvwsPH io4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691428314; x=1692033114; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1KhCpc37sMq8hfJahbNI7sAkZNZxhd0cG15a8ZsTo7w=; b=JVolW9NyUux8obmOVL9CVfArQln5TlrqnRkxTlMT48d98/KvFfc+Xs0QTwNE/WvQzi O3cqTTDz1Tjp9h91HuoTDAuNvI1xJVauLg/0YQE/b3M6NJDCzAhTw/7rEaFoI7qSX5lu JHEIp+MULEZskAE8AQbHcsiFsfr72MwhMilYvfHeXKB8Z0ZelSkaPZpiz/+QWHRThzKK xw51z83q4LjOhM/jqlCLu4AHkVCWEdYxyMm0WLQ0ODtZx36dRWGJEyO9tJ/ZLU0yQvkN EU9JYs0FJUXvcHe4smE5MCmkKFDffgZtsEEa0YKYDPBJAepaRIV7RWTwNrCz2cFLkksW C5FA== X-Gm-Message-State: AOJu0Ywdf/vB43TOXk0gJ5x21/bqMaaLa4g+7XOXEP7ZVrQcNAXewV+K wVR8bRbL71HuLG6L0GiJYulbVIz0jPONWg== X-Received: by 2002:a19:6742:0:b0:4fb:7d73:d097 with SMTP id e2-20020a196742000000b004fb7d73d097mr5892482lfj.39.1691428314359; Mon, 07 Aug 2023 10:11:54 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-095-112-033-028.95.112.pool.telefonica.de. [95.112.33.28]) by smtp.gmail.com with ESMTPSA id e10-20020a056402148a00b005224d960e66sm5420814edv.96.2023.08.07.10.11.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Aug 2023 10:11:54 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , "GONG, Ruiqi" , linux-kernel@vger.kernel.org Subject: [PATCH v3 4/7] selinux: make left shifts well defined Date: Mon, 7 Aug 2023 19:11:38 +0200 Message-Id: <20230807171143.208481-3-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230807171143.208481-1-cgzones@googlemail.com> References: <20230807171143.208481-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773591739426130871 X-GMAIL-MSGID: 1773591739426130871 The loops upper bound represent the number of permissions used (for the current class or in general). The limit for this is 32, thus we might left shift of one less, 31. Shifting a base of 1 results in undefined behavior; use (u32)1 as base. Signed-off-by: Christian Göttsche --- v3: split from parent commit and apply cast to correct shift operand --- security/selinux/ss/services.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index dacec2ebdcd7..1eeffc66ea7d 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -207,22 +207,22 @@ static void map_decision(struct selinux_map *map, for (i = 0, result = 0; i < n; i++) { if (avd->allowed & mapping->perms[i]) - result |= 1<perms[i]) - result |= 1<allowed = result; for (i = 0, result = 0; i < n; i++) if (avd->auditallow & mapping->perms[i]) - result |= 1<auditallow = result; for (i = 0, result = 0; i < n; i++) { if (avd->auditdeny & mapping->perms[i]) - result |= 1<perms[i]) - result |= 1<auditdeny = result; } } From patchwork Mon Aug 7 17:11:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 132322 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp1644291vqr; Mon, 7 Aug 2023 11:53:50 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHnmwyWLR7RBY67znCJJ1nIlhCI80pJuvewmiOminOBm1fJ0+GEH/sEJEfoZB+3m7bIb5tU X-Received: by 2002:a17:906:76d4:b0:99c:75f7:19c1 with SMTP id q20-20020a17090676d400b0099c75f719c1mr8012134ejn.39.1691434430374; Mon, 07 Aug 2023 11:53:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691434430; cv=none; d=google.com; s=arc-20160816; b=QaQ70iEDvgUTsNQCGH6BqnzMgpsGjg6BYdtKR3rNIo87DN01DCqSXrhrwyRgDDvzDm QM5AA+5TfMPhp9jyiG9yt4nDw+DhR4PhTdLuQcWHbLE520TzkTJir3vMVSdmxqYwT9Jn hhcPw7VjQ4fqpWLvgkYQoofXroA4nzRMaGM2tE3bIA8xxnxjypBYvJIon9p90hJn1E/Z w3K7EuaN55JM4pe+4HFzDNoTsGM+PTePrx9NOxtqt8Fho8baFjUs77MFuExcUHKDgzuh tgeDv1DNDecaYys7DaFWgQ58iQFr9rDjB5hnPfZcekg80R+XxoevBlWfGQUW/uixUNTI /ceQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=n++x1VyupiNA1jLZvucgYL91izWJdNor+dndheNguCo=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=WBieyc4wE48tgrpNvvr+Hd3h3kHLp4Jwg5gOq6lA5iUC8QugiYBXcSYNjjNs8Yu79+ LiBSQ9uNc8s6DFsY3M3FWeFYrWgv6CjgObshbgfQoJjZQBXytW6dc66GhSrLxfq8PxUJ p3fj7H59IgVSt9BrOFuE8vaVdRRr8iRF4A06vU8dyccg/v5ztq0VaDwLDDKPL6omLNiO hscZvSVAX96MIq4ozwbh2fDPwDR6Zcg96uch2lBECBzZRvASMzMGxmAmJdSjf3H9ghu7 6J47HmPKgpEzFrn6lI7g/0g5bMAxfEs81BEcggdq0FKpRRqV3suZ7Chb3ksF+RoGFBj3 7C/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=W9Rx6Eoz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t22-20020a17090605d600b00992c3b85acbsi6270558ejt.128.2023.08.07.11.53.26; Mon, 07 Aug 2023 11:53:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=W9Rx6Eoz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231971AbjHGRMD (ORCPT + 99 others); Mon, 7 Aug 2023 13:12:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43312 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230343AbjHGRL6 (ORCPT ); Mon, 7 Aug 2023 13:11:58 -0400 Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 071821A3; Mon, 7 Aug 2023 10:11:57 -0700 (PDT) Received: by mail-ed1-x52b.google.com with SMTP id 4fb4d7f45d1cf-52222562f1eso6588859a12.3; Mon, 07 Aug 2023 10:11:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1691428315; x=1692033115; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=n++x1VyupiNA1jLZvucgYL91izWJdNor+dndheNguCo=; b=W9Rx6EozIRNL2uZal/Q25+X+xyX9WQ88IheKymL4vdDvOWHBLHyCkkkDKq/+5tZXh1 fY24hvgjUggAzq1XcWKgw3U97gJMnxgmWA9mIU6hGlu0RP+QDyeB2S7ZjDA8p4PVg4Ab PZYvBukK2p5Qqfio/Wj1oiS1+moack1GwTjQ2liT8a2ygSlFANPEZxxGKPyeJIxfDrnT YC83t9RRrUoIBe+BBLSZExpmufDAw/So2rEVMkpHNEnBjqGTnAtheiYwRQHZBtZysBK1 3L8EbDc8YyJfLVKPmUctI0TEDv/k8AwEBxmUcTuBTZe/C74vQ5hq7DznahUfvRUYxmbP i8hw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691428315; x=1692033115; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n++x1VyupiNA1jLZvucgYL91izWJdNor+dndheNguCo=; b=D5Y9jquOp0qYqJlom1ZzqQvcLZfJBd3nhRWF0y5XzdMX2MsHVWiFaKbgn4NoQmxe4p N1xZvv178Hr+bBzbFSdoYnyQWYo5pB0spqth2ZWoo4BiWsen+tw6qdzXL+532ndiN5E8 JO3KuAbgCOt5yNk+XwF6Z1U9ftzeCqKcPcsj5opENpK40eZaQ3AosiCf9IOLRWIRT6Nk 16D31IzCUU0Qs8CzL4bdgHPytI+VRvlMw67/tajTCletahGRuxOGqco/+tyHYHMbOBD1 LaxE/FNn61Y6TpGf1xXKZFoFAs5r69ZMhwkM9oyfzNo90JyxjlmaMQ/p2GojwHzoHv7K RKvg== X-Gm-Message-State: AOJu0YwDBgceInAhiFjABBcskjil11S/SrO2/fwro74zHqOpZ5aSH2+V Q/M8g/iaJOTMnvYEtXMkkBjl5JH7F69t2Q== X-Received: by 2002:aa7:da96:0:b0:523:38eb:395f with SMTP id q22-20020aa7da96000000b0052338eb395fmr2338743eds.2.1691428315338; Mon, 07 Aug 2023 10:11:55 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-095-112-033-028.95.112.pool.telefonica.de. [95.112.33.28]) by smtp.gmail.com with ESMTPSA id e10-20020a056402148a00b005224d960e66sm5420814edv.96.2023.08.07.10.11.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Aug 2023 10:11:55 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [PATCH v3 5/7] selinux: avoid implicit conversions in selinuxfs code Date: Mon, 7 Aug 2023 19:11:39 +0200 Message-Id: <20230807171143.208481-4-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230807171143.208481-1-cgzones@googlemail.com> References: <20230807171143.208481-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773597549054447690 X-GMAIL-MSGID: 1773597549054447690 Use umode_t as parameter type for sel_make_inode(), which assigns the value to the member i_mode of struct inode. Use identical and unsigned types for loop iterators. Signed-off-by: Christian Göttsche --- v3: - drop leftover declaration in init-clauses of for loops - use unsigned int instead of u32 for loop iterator with loop bounds known at compile time to be small (<100) v2: avoid declarations in init-clauses of for loops --- security/selinux/selinuxfs.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index b969e87fd870..107b028d5e40 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -97,7 +97,7 @@ static int selinux_fs_info_create(struct super_block *sb) static void selinux_fs_info_free(struct super_block *sb) { struct selinux_fs_info *fsi = sb->s_fs_info; - int i; + unsigned int i; if (fsi) { for (i = 0; i < fsi->bool_num; i++) @@ -1075,8 +1075,8 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size) u32 sid, *sids = NULL; ssize_t length; char *newcon; - int i, rc; - u32 len, nsids; + int rc; + u32 i, len, nsids; length = avc_has_perm(current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__COMPUTE_USER, @@ -1192,7 +1192,7 @@ static ssize_t sel_write_member(struct file *file, char *buf, size_t size) return length; } -static struct inode *sel_make_inode(struct super_block *sb, int mode) +static struct inode *sel_make_inode(struct super_block *sb, umode_t mode) { struct inode *ret = new_inode(sb); @@ -1613,7 +1613,7 @@ static int sel_make_avc_files(struct dentry *dir) { struct super_block *sb = dir->d_sb; struct selinux_fs_info *fsi = sb->s_fs_info; - int i; + unsigned int i; static const struct tree_descr files[] = { { "cache_threshold", &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, @@ -1649,7 +1649,7 @@ static int sel_make_ss_files(struct dentry *dir) { struct super_block *sb = dir->d_sb; struct selinux_fs_info *fsi = sb->s_fs_info; - int i; + unsigned int i; static const struct tree_descr files[] = { { "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO }, }; @@ -1700,7 +1700,7 @@ static const struct file_operations sel_initcon_ops = { static int sel_make_initcon_files(struct dentry *dir) { - int i; + unsigned int i; for (i = 1; i <= SECINITSID_NUM; i++) { struct inode *inode; From patchwork Mon Aug 7 17:11:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 132337 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp1670019vqr; Mon, 7 Aug 2023 12:38:08 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGIsFTlVCvtUJBfan4qOjBmSl1a5xHwTa2mUaUL9yZkzv6xk8pIOnLX2j8YbQQqd5hppIs3 X-Received: by 2002:a05:6a20:244b:b0:13e:debc:3657 with SMTP id t11-20020a056a20244b00b0013edebc3657mr8519978pzc.30.1691437088438; Mon, 07 Aug 2023 12:38:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691437088; cv=none; d=google.com; s=arc-20160816; b=MD4sm2Art5n3BEtAgZ5EOZP2MfZxADRmKyk/tmBFanjNv4+aQgsSouG/4GhacdsdQ0 qCfH66yr90MdO4zeHzxIgvavGbsLiftsPdpt/wEDERFN4TfheRuZ+FYvbIDXO6AMkLa2 Kk3zbnF1fySYNlOTz95KsbbB5wu/jcK+WZ079yk4qNNR5DL+Ao79UlHH1/a7Wa9xWDgQ gfl//BiT+D+eIkZyk9pWNqYROGcx3eSyS+1VoMtrycH6NaI59tRXPFHjgkMG7wUr53pt naOX4UUK48ZVz8LPHP8aa7gCqYWGnMEZKqTd3VTht7fVSpthEiqVGu7SB0xtVOofByZr RA/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=dEh6ez/EHFv9/uxbCXXQ+0s/+H6opkFl4Y60bZY4pQI=; fh=wzzqoiy4jRPqAEB8fZSFn0KOU/wu3n0NZfveTutzhZo=; b=VSMc9OycKSL/gLucwsmm9nmuB/dspeNonM7+xD4xSQAC+ozoHDCMeiaFgsASKx/L/G u78LpbsOmvwok+zG2e4oBS4SfnUuX10puTM5iFyGmKLYaZ5ZulBfTX1zJXhlO3mCsQMa hgtHmnGucy6QEH/+dMs0dXogGfs2q6OTTR66kUHJbFgUGb3VieQDSIFzAOhf8nf3dISl mHQI292v0SNd9jnhyfn/ofVIORel+bQJm4PU3XkF/yXEiSqm1S6KQYvG2YtRfoQaEKX8 fCi9XCvD9ukhUOYKWOvAc46ujgTnq9H/d/G3CbjlCvaua6N8k5CZ4ZAR10EgWo8pMu2D Y5lQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=VnS1UOb1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s1-20020a63dc01000000b005538432adcasi5909555pgg.57.2023.08.07.12.37.55; Mon, 07 Aug 2023 12:38:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=VnS1UOb1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230343AbjHGRML (ORCPT + 99 others); Mon, 7 Aug 2023 13:12:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43334 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231689AbjHGRL7 (ORCPT ); Mon, 7 Aug 2023 13:11:59 -0400 Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4A3A11A4; Mon, 7 Aug 2023 10:11:58 -0700 (PDT) Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-52327d63d7cso3274786a12.1; Mon, 07 Aug 2023 10:11:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1691428317; x=1692033117; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dEh6ez/EHFv9/uxbCXXQ+0s/+H6opkFl4Y60bZY4pQI=; b=VnS1UOb164DqqY8Roc/WSMtNox1KjuOb8AsnLUhljSu+PJrvCrwJmPc2tc6grHHlDg fna0dP0hgbPSNvnY6937kZNpuwcBqwCQs7ApjtbLXs09eQRxDtLszsIFP5/X3Q3qldU8 f4VfDvfU2B0SEkhvYv1ZkWq3n71aIg6O2f12MtcOyQmdqLVmb1gVsIbt5MHsxe0kTFCT 8fV3xxjqeOas3L7U3r6wUBV5hKuEKUyVpSvTzWCFlK0wqCzMX/JTiVo8zjEIuJ5hZuyM 1s/1A5s+mfl8qo/d2abrrVwaxyC7S0hBXhw6jk6Ju3EwK5G50WouE6GLwbYJnqpo6Gqn 5c1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691428317; x=1692033117; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dEh6ez/EHFv9/uxbCXXQ+0s/+H6opkFl4Y60bZY4pQI=; b=WvfdtZ1joUaZ8m+8imjNH3mCihUf0QlWWn57dNRhS67D3wxZ6ysvSGYRNRYDX/Hnmp Q58CfPOLb2lA/XYrwefeULrEg/2tOnyu4qRVEIeHIAb9BGSeGqh3LGzLzjBnBIeqf47P 4aSEB77bIvvMwiok8QNSicjbwX5h4/51mibEMyBNzCmPKstclo9j7U0jaFSwRN+Regc3 gDpd8ak6c18R0pNQIEho8fnnofSIbrNJ4Kq09au01DJiiYcr6PypiqvkPNQBLdEr4LBU UTbjYijrRnkgKailNgjFqahKt+71JZh8fKHNUUtBLQxN5Le+RVgAM3ogJv8V9gipkSnz hDrg== X-Gm-Message-State: AOJu0YzgKTMBqseB60zsxRGk8MjhuZfeHXNX3RVu6Jq8TSPa3HRYhTUT 28pWr7jNhTGO+/VrhSTCqJm/xahG9eTNJg== X-Received: by 2002:aa7:c490:0:b0:522:cb97:f196 with SMTP id m16-20020aa7c490000000b00522cb97f196mr8575705edq.36.1691428316637; Mon, 07 Aug 2023 10:11:56 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-095-112-033-028.95.112.pool.telefonica.de. [95.112.33.28]) by smtp.gmail.com with ESMTPSA id e10-20020a056402148a00b005224d960e66sm5420814edv.96.2023.08.07.10.11.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Aug 2023 10:11:56 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , linux-kernel@vger.kernel.org Subject: [PATCH v3 6/7] selinux: avoid implicit conversions in policydb code Date: Mon, 7 Aug 2023 19:11:40 +0200 Message-Id: <20230807171143.208481-5-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230807171143.208481-1-cgzones@googlemail.com> References: <20230807171143.208481-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773600336599806363 X-GMAIL-MSGID: 1773600336599806363 Use the identical type for local variables, e.g. loop counters. Declare members of struct policydb_compat_info unsigned to consistently use unsigned iterators. They hold read-only non-negative numbers in the global variable policydb_compat. Signed-off-by: Christian Göttsche --- v3: - use unsigned int instead of u32 for iterators where the loop bound is known at compile time and small (<100) /@Paul: keep u32 iterator in policydb_destroy() due to / for (i = 0; i < p->p_types.nprim; i++) / - drop not mentioned protocol and port checks regarding out of range values; there are a couple more of them and those changes are suitable for a different patchset v2: - avoid declarations in init-clauses of for loops - declare members of struct policydb_compat_info unsigned --- security/selinux/ss/policydb.c | 69 ++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 32 deletions(-) diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index a424997c79eb..c3ffe78ef144 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -55,9 +55,9 @@ static const char *const symtab_name[SYM_NUM] = { #endif struct policydb_compat_info { - int version; - int sym_num; - int ocon_num; + unsigned int version; + unsigned int sym_num; + unsigned int ocon_num; }; /* These need to be updated if SYM_NUM or OCON_NUM changes */ @@ -159,9 +159,9 @@ static const struct policydb_compat_info policydb_compat[] = { }, }; -static const struct policydb_compat_info *policydb_lookup_compat(int version) +static const struct policydb_compat_info *policydb_lookup_compat(unsigned int version) { - int i; + unsigned int i; for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { if (policydb_compat[i].version == version) @@ -359,7 +359,7 @@ static int role_tr_destroy(void *key, void *datum, void *p) return 0; } -static void ocontext_destroy(struct ocontext *c, int i) +static void ocontext_destroy(struct ocontext *c, unsigned int i) { if (!c) return; @@ -782,7 +782,7 @@ void policydb_destroy(struct policydb *p) { struct ocontext *c, *ctmp; struct genfs *g, *gtmp; - int i; + u32 i; struct role_allow *ra, *lra = NULL; for (i = 0; i < SYM_NUM; i++) { @@ -1155,8 +1155,8 @@ static int common_read(struct policydb *p, struct symtab *s, void *fp) char *key = NULL; struct common_datum *comdatum; __le32 buf[4]; - u32 len, nel; - int i, rc; + u32 i, len, nel; + int rc; comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); if (!comdatum) @@ -1221,13 +1221,13 @@ static int type_set_read(struct type_set *t, void *fp) static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, - int ncons, int allowxtarget, void *fp) + u32 ncons, int allowxtarget, void *fp) { struct constraint_node *c, *lc; struct constraint_expr *e, *le; __le32 buf[3]; - u32 nexpr; - int rc, i, j, depth; + u32 i, j, nexpr; + int rc, depth; lc = NULL; for (i = 0; i < ncons; i++) { @@ -1319,8 +1319,8 @@ static int class_read(struct policydb *p, struct symtab *s, void *fp) char *key = NULL; struct class_datum *cladatum; __le32 buf[6]; - u32 len, len2, ncons, nel; - int i, rc; + u32 i, len, len2, ncons, nel; + int rc; cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); if (!cladatum) @@ -1413,7 +1413,8 @@ static int role_read(struct policydb *p, struct symtab *s, void *fp) { char *key = NULL; struct role_datum *role; - int rc, to_read = 2; + int rc; + unsigned int to_read = 2; __le32 buf[3]; u32 len; @@ -1469,7 +1470,8 @@ static int type_read(struct policydb *p, struct symtab *s, void *fp) { char *key = NULL; struct type_datum *typdatum; - int rc, to_read = 3; + int rc; + unsigned int to_read = 3; __le32 buf[4]; u32 len; @@ -1543,7 +1545,8 @@ static int user_read(struct policydb *p, struct symtab *s, void *fp) { char *key = NULL; struct user_datum *usrdatum; - int rc, to_read = 2; + int rc; + unsigned int to_read = 2; __le32 buf[3]; u32 len; @@ -1684,7 +1687,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap) upper = user = datum; while (upper->bounds) { struct ebitmap_node *node; - unsigned long bit; + u32 bit; if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { pr_err("SELinux: user %s: " @@ -1720,7 +1723,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap) upper = role = datum; while (upper->bounds) { struct ebitmap_node *node; - unsigned long bit; + u32 bit; if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { pr_err("SELinux: role %s: " @@ -1835,9 +1838,9 @@ static int range_read(struct policydb *p, void *fp) { struct range_trans *rt = NULL; struct mls_range *r = NULL; - int i, rc; + int rc; __le32 buf[2]; - u32 nel; + u32 i, nel; if (p->policyvers < POLICYDB_VERSION_MLS) return 0; @@ -2083,9 +2086,9 @@ static int filename_trans_read_helper(struct policydb *p, void *fp) static int filename_trans_read(struct policydb *p, void *fp) { - u32 nel; + u32 nel, i; __le32 buf[1]; - int rc, i; + int rc; if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) return 0; @@ -2124,8 +2127,8 @@ static int filename_trans_read(struct policydb *p, void *fp) static int genfs_read(struct policydb *p, void *fp) { - int i, j, rc; - u32 nel, nel2, len, len2; + int rc; + u32 i, j, nel, nel2, len, len2; __le32 buf[1]; struct ocontext *l, *c; struct ocontext *newc = NULL; @@ -2238,8 +2241,9 @@ static int genfs_read(struct policydb *p, void *fp) static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info, void *fp) { - int i, j, rc; - u32 nel, len; + int rc; + unsigned int i; + u32 j, nel, len; __be64 prefixbuf[1]; __le32 buf[3]; struct ocontext *l, *c; @@ -2430,9 +2434,9 @@ int policydb_read(struct policydb *p, void *fp) struct role_allow *ra, *lra; struct role_trans_key *rtk = NULL; struct role_trans_datum *rtd = NULL; - int i, j, rc; + int rc; __le32 buf[4]; - u32 len, nprim, nel, perm; + u32 i, j, len, nprim, nel, perm; char *policydb_str; const struct policydb_compat_info *info; @@ -3283,7 +3287,8 @@ static int (*const write_f[SYM_NUM]) (void *key, void *datum, void *datap) = { static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info, void *fp) { - unsigned int i, j, rc; + unsigned int i, j; + int rc; size_t nel, len; __be64 prefixbuf[1]; __le32 buf[3]; @@ -3632,10 +3637,10 @@ static int filename_trans_write(struct policydb *p, void *fp) */ int policydb_write(struct policydb *p, void *fp) { - unsigned int i, num_syms; + unsigned int num_syms; int rc; __le32 buf[4]; - u32 config; + u32 config, i; size_t len; const struct policydb_compat_info *info; From patchwork Mon Aug 7 17:11:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 132305 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp1630272vqr; Mon, 7 Aug 2023 11:22:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFfP1+5Q2vZgIOshvLsG7qheU7NLxQ3J0aEST2ffqpP+FruTfMTo2PQflo3cj44eWGFQaZp X-Received: by 2002:a05:6a20:42a0:b0:130:835b:e260 with SMTP id o32-20020a056a2042a000b00130835be260mr10263379pzj.52.1691432579131; Mon, 07 Aug 2023 11:22:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691432579; cv=none; d=google.com; s=arc-20160816; b=svreMc3IBnWFw5xB0qvSMQ9rV8TgFS/5iQf56/J0cGZeY2Dh2QW4Gj4lLLepQ2jcvV i5BZxU8Z4BeikMBDaKvv5LDJ1jTxotWZMYkXNrst/g4XY7I/YYW+QJh5SPJjJhBniUel nk+DltLfbt3x7l/5IE72xOQ/wOMjUSuq4AvaoMNFpOhe8TbLQ8gtzaSVvzWiKwxOtE6Q 9blJSGvyvngdYPPIwifFqAJDZ0q1Yl0oXa1czuxjb2MfcNN9PYbiU742WsWmMKeO15QV npeOWE7DBZwcu151X697PZ8tQIr+GVl9jH3IbBDWHFyR12S4orjwi5qeDG7VfhzDfOck A1Ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=5PO+ab1xjCHdDkh5lalW/5rufzTS+75sAkJKeFh3jcU=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=HYctfRJEjZwEY9BUVWeZVSxAkbtoywJHqaqsrXIjVIoqq2bmnpP7UK/+f+fV5rZfAl iSjxe6EEDp3QCN5vH/f6QQ0J8pAxvKNkY9KdcRJO+O0Sez93kuZIrMObnqbYtaLIxrNP mcoDcHtPnXRey4NmJT/t+ZW0Z9I8PqmtOWU3pf1nsyfA3IjTRa+KmS8YoCaW8NQy+7Zx Nke7zEAPzVMe8KP251tZqV7oUE1Igc7L5s1sfNWosYl9TlQLp2lAbAgz9cgWUHl+l2U8 +lOStqOttumn7oF8RFNZFohrXmB/CRRnYX1bTZ1F85aXo4sVEBMgdDi0SDyczbCUN3fE 9XoQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=MkS2i21E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x185-20020a6363c2000000b00563dd9beae8si5910885pgb.594.2023.08.07.11.22.46; Mon, 07 Aug 2023 11:22:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=MkS2i21E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232052AbjHGRMP (ORCPT + 99 others); Mon, 7 Aug 2023 13:12:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43352 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231815AbjHGRMA (ORCPT ); Mon, 7 Aug 2023 13:12:00 -0400 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 303FFE67; Mon, 7 Aug 2023 10:11:59 -0700 (PDT) Received: by mail-ed1-x530.google.com with SMTP id 4fb4d7f45d1cf-522bd411679so6162910a12.0; Mon, 07 Aug 2023 10:11:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1691428317; x=1692033117; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5PO+ab1xjCHdDkh5lalW/5rufzTS+75sAkJKeFh3jcU=; b=MkS2i21E0eUYZCqU8XweZu22TzsncxX4VTS06KQvJSYwH9QRy8661yD5GMaT08UZ1i CYlsCjWYpVTk8L1W8elqZn8rKZ0ZlpRgRrpx1BTnKs8UUEepzIF5n5v3L2qC4ztZSNeo YD+vCy+k3Lqe1uqXuU1+DFQdsO4qP//RdGAdz69XQfGSvnbIMWH2cMbGJtfha/NaWhia ljj8QFK+04+d5JxmwekasLXudLSK0Gcer6pcLgorZd7yS6cy6cAd5oa8GrGuWM/rAoa5 HkJ7qQ5b3ib156BJ4zf0RanM5hK7BPylzrTBBnfsnjsTXLcen6TzISYubJnBjgAadVyd J5iw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691428317; x=1692033117; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5PO+ab1xjCHdDkh5lalW/5rufzTS+75sAkJKeFh3jcU=; b=dU/tVbMa4xvq3ZtatWRqJPSPz8aphXHlHwgy/YfOJxsPFDQay8v5xdJZYgJzqamjiy tU3hqsROnzGkzaA6jQpYwvKUoCME7rqfdv2zrbjqWxLivYccBVFwJE72zSYlxi86TLVP taLGONuKmpqiUXYV1hfIcSmj1gXUTbSCle6DDWHJXCF2Vy86Fe/PbrB39eqTNKjaU9KX 2ii+98imCH0/PjeafLrk4bJ/77R3W2pchko0wWPgNrgP9cTedDOClNc2pBa1PjcVn6zm XMbMrpXLFYaO56W1yaRnaVDkD1ZxTR03LQnBeN+T/PbJZxvTTnk9reutsDKtG06YPyyv ej0w== X-Gm-Message-State: AOJu0Yxq2sDJqDkB4ERE0duiKWC8zkr7Wp8WzSB88ma/+b3Tk6FSmgMY viplGpYGGsfcUDmPCAk37ITY7BSvgUl4Sg== X-Received: by 2002:aa7:d745:0:b0:523:100b:462b with SMTP id a5-20020aa7d745000000b00523100b462bmr9455129eds.5.1691428317675; Mon, 07 Aug 2023 10:11:57 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-095-112-033-028.95.112.pool.telefonica.de. [95.112.33.28]) by smtp.gmail.com with ESMTPSA id e10-20020a056402148a00b005224d960e66sm5420814edv.96.2023.08.07.10.11.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Aug 2023 10:11:57 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [PATCH v3 7/7] selinux: use unsigned iterator in nlmsgtab code Date: Mon, 7 Aug 2023 19:11:41 +0200 Message-Id: <20230807171143.208481-6-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230807171143.208481-1-cgzones@googlemail.com> References: <20230807171143.208481-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773595608529520485 X-GMAIL-MSGID: 1773595608529520485 Use an unsigned type as loop iterator. Signed-off-by: Christian Göttsche --- v3: use unsigned int instead of u32 since the loop bound is known at compile time and small (<100) v2: avoid declarations in init-clauses of for loops --- security/selinux/nlmsgtab.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 2ee7b4ed43ef..8ff670cf1ee5 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c @@ -153,7 +153,8 @@ static const struct nlmsg_perm nlmsg_audit_perms[] = { static int nlmsg_perm(u16 nlmsg_type, u32 *perm, const struct nlmsg_perm *tab, size_t tabsize) { - int i, err = -EINVAL; + unsigned int i; + int err = -EINVAL; for (i = 0; i < tabsize/sizeof(struct nlmsg_perm); i++) if (nlmsg_type == tab[i].nlmsg_type) {